Overview

overview

8

Static

static

1

6ab4814312...18.apk

android-9-x86

8

6ab4814312...18.apk

android-10-x64

8

6ab4814312...18.apk

android-11-x64

8

Analysis

  • max time kernel
    2s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    23-05-2024 10:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ab48143125de5598a5c4d8d80092954_JaffaCakes118.apk

  • Size

    2.0MB

  • MD5

    6ab48143125de5598a5c4d8d80092954

  • SHA1

    53c62c6a12ffb7a54b4a27a108587656b5901c06

  • SHA256

    76bc03a9c2c03fd86eef6e7e562eaa18fb184daff791b59d29c69c66604a812c

  • SHA512

    8ad50bff70891def71c212208f05cf1da2d2e1438a957a14f72f56998707fc1ebe57c91cc6f48ebde1cbbc60401c2c633d06befa2fbc4fccb68e6a69832b0897

  • SSDEEP

    49152:D0D77lEdgMINw6QaCza7kW9u0kzH81E954Ut:o7l5Nw6Qaya7kSnkDOE954Ut

Score
8/10
discoveryevasionpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion

Processes

  • com.losg.xiaozhulaihua
    1⤵
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4243
    • ls /sys/class/thermal
      2⤵
        PID:4280

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads